Add roles to User accounts and implement
We'll need to have a way to block certain users from hitting some various endpoints.
Racers don't need to be able to update Events. Volunteers don't need to be able to see all the rider information in the events. Etc.
Ideally, it would be nice to have something similar to this, but if more flaskian ways exists, we should use those:
@app.route('/event/<int:event_id>/update)
@users.role('event_organizers')
def update_event(event_id):
# update event only if they are an event organizer